| Field | Value |
|---|---|
| Summary | <media-libs/openjpeg-1.5.2: multiple vulnerabilities (CVE-2013-{1447,6045,6052,6053,6054,6887}) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Agostino Sarubbo <ago> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | major |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://www.openwall.com/lists/oss-security/2013/12/04/6 |
| Whiteboard | A2 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 484802 |
| Bug Blocks | |
Description
Agostino Sarubbo
CVE Assignments:

1. heap OOB reads, information leaks - (CVE-2013-6052)
2. heap OOB reads, information leaks (V: 1.5.1 only) - (CVE-2013-6053)
3. heap OOB writes - (CVE-2013-6045)
4. heap OOB writes (V: 1.3 only) - (CVE-2013-6054)
5. null pointer dereferences, division by zero, and anything that would just fit as DoS - (CVE-2013-1447)
6. null pointer dereferences, division by zero, and anything that would just fit as DoS (V: 1.5.1 only) - (CVE-2013-6887)

Patch attempts are at the URL: http://www.openwall.com/lists/oss-security/2013/12/04/6

CVE-2013-6054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6054): Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

CVE-2013-6052 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6052): OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2013-6045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6045): Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

CVE-2013-1447 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1447): OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors.

Fixed in 1.5.2: http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS

CVE-2013-6887 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6887): OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

CVE-2013-6053 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6053): OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

1.5.2 is in Portage, see also bug 484802.

*** Bug 506456 has been marked as a duplicate of this bug. ***

Stabilization is happening at bug 484802 as we speak.

Stabilization is complete from bug 484802 (see "Depends on:"), so changed Whiteboard to "glsa?".

Arches and Maintainer(s), thank you for your work.

GLSA Vote: Yes

Ignore the vote; this is an A2, I was going by blocker. New GLSA Request filed.

This issue was resolved and addressed in GLSA 201412-24 at http://security.gentoo.org/glsa/glsa-201412-24.xml by GLSA coordinator Sean Amoss (ackle).